PingOne Platform APIs - Early Access

Authorization Policies

Authorization policies specify the statements (directives that instruct the policy decision service to perform additional processing in conjunction with an authorization decision), conditions (authorization logic comparing one thing to another), and combining algorithms (the process for combining multiple rules) to determine an authorization decision.

For detailed information about policies, refer to Policies in the PingOne Cloud Platform Administrator Guide.

Authorization policies data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| children | Array | Optional | Mutable | The list of child policies or rules. Can be either referenced or embedded. |
| combiningAlgorithm | Object | Required | Immutable | The algorithm that determines how rules are combined to produce an authorization decision. For details, refer to Authorization Rules. |
| condition | Object | Optional | Mutable | The authorization condition object. For details, refer to Authorization Conditions. |
| description | String | Optional | Mutable | The authorization policy resource’s description. |
| enabled | Boolean | Optional | Mutable | The setting that determines whether the decision node is evaluated. The default value is true. |
| id | String | N/A | Read only | The policy resource’s unique identifier. |
| name | String | Required | Mutable | A user-friendly policy name. The name value must be unique. |
| repetitionSettings | Object | Optional | Mutable | Applies the policy to each item of the specific attribute, filtered by decision. |
| repetitionSettings.source | Object | Optional | Mutable | The source associated with this rule. |
| repetitionSettings.source.id | String | Optional | Mutable | The UUID of the repetition source associated with this rule. |
| repetitionSettings.decision | String | Optional | Mutable | The decision filter. Options are PERMIT, DENY, NOT_APPLICABLE, and INDETERMINATE. |
| statements | Object | Optional | Mutable | The authorization statements object. Can be either referenced or embedded. For details, refer to Authorization Statements. |
| type | String | Required | Mutable | The attribute type. Options are POLICY. |
| version | String | Required | Read only | A random ID generated by the system for concurrency control purposes. |

Authorization embedded policies data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| type | String | Required | Mutable | The embedded policy type. Options are POLICY. |
| value.id | String | Required | Immutable | The embedded policy ID. |
| name | String | Required | Mutable | The embedded policy name. |
| description | String | Optional | Mutable | The embedded policy description. |
| enabled | Boolean | Optional | Mutable | Specifies whether the embedded policy is enabled. |
| statements | Object | Optional | Mutable | The statements associated with this embedded policy. |
| conditions | Object | Optional | Mutable | The conditions associated with this embedded policy. |
| combiningAlgorithm | Object | Required | Mutable | The combining algorithm for the embedded policy. |
| children | Array | Optional | Mutable | The list of sub-child policies or rules associated with the embedded policy. |
| repetitionSettings | Object | Optional | Mutable | The repetition settings associated with the embedded policy. |

Authorization policies embedded rules data model

| Property | Type | Required? | Mutable? | Description |
|---|---|---|---|---|
| type | String | Required | Mutable | The embedded rule type. Options are RULE. |
| value.id | String | Required | Immutable | The embedded rule ID. |
| name | String | Optional | Mutable | The embedded rule name. |
| description | String | Optional | Mutable | The child policy description. |
| enabled | Boolean | Optional | Mutable | Specifies whether the child policy is enabled. |
| statements | Object | Optional | Mutable | The statements associated with this child policy. |
| conditions | Object | Optional | Mutable | The conditions associated with this child policy. |
| effectSettings | Object | Required | Immutable | The settings that determine how the children are combined to produce an outcome for the policy. |
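
The following is an added example, not part of the PingOne documentation or PingOne's own code: a Python change-review check that compares a proposed policy body with the stored one and reports missing Required properties, changes to properties the tables above mark Immutable or Read only, and repetitionSettings.decision values outside the documented options. It assumes embedded children nest the way the dotted property names suggest (value.id read as value, then id); the function names, sample IDs, and the contents of the combiningAlgorithm and effectSettings objects are constructed placeholders.

```python
# Added example. Property rules are transcribed from the three data-model tables above.
DECISIONS = {"PERMIT", "DENY", "NOT_APPLICABLE", "INDETERMINATE"}
# kind -> (Required properties, properties marked Immutable or Read only)
SPECS = {
    "TOP": (["combiningAlgorithm", "name", "type", "version"], ["combiningAlgorithm", "id", "version"]),
    "POLICY": (["type", "value.id", "name", "combiningAlgorithm"], ["value.id"]),
    "RULE": (["type", "value.id", "effectSettings"], ["value.id", "effectSettings"]),
}

def get(obj, path):
    """Resolve a dotted property name such as 'value.id'; None if absent."""
    for key in path.split("."):
        obj = obj.get(key) if isinstance(obj, dict) else None
    return obj

def review_update(current, proposed, kind="TOP", where="policy"):
    """Compare a proposed policy body with the stored one; return a list of findings."""
    required, frozen = SPECS[kind]
    findings = [f"{where}: missing required {p}" for p in required
                if get(proposed, p) is None]
    if current is not None:  # a brand-new child has nothing to compare against
        findings += [f"{where}: {p} changed but is not mutable" for p in frozen
                     if get(proposed, p) not in (None, get(current, p))]
    decision = get(proposed, "repetitionSettings.decision")
    if decision is not None and decision not in DECISIONS:
        findings.append(f"{where}: invalid repetitionSettings.decision {decision!r}")
    # Match embedded children to their stored versions by value.id (assumed layout).
    stored = {get(c, "value.id"): c for c in (current or {}).get("children", [])}
    for i, child in enumerate(proposed.get("children", [])):
        path, ctype = f"{where}.children[{i}]", child.get("type")
        if ctype in ("POLICY", "RULE"):
            findings += review_update(stored.get(get(child, "value.id")), child, ctype, path)
        else:
            findings.append(f"{path}: unknown type {ctype!r}")
    return findings

# Constructed sample data; combiningAlgorithm and effectSettings contents are placeholders.
CURRENT = {"id": "policy-0001", "version": "v1", "name": "Payments", "type": "POLICY",
           "combiningAlgorithm": {"algorithm": "PLACEHOLDER_A"},
           "children": [{"type": "RULE", "value": {"id": "rule-0001"},
                         "effectSettings": {"type": "PLACEHOLDER_X"}}]}
PROPOSED = {**CURRENT, "combiningAlgorithm": {"algorithm": "PLACEHOLDER_B"},
            "repetitionSettings": {"decision": "ALLOW"},
            "children": [{"type": "RULE", "value": {"id": "rule-0001"},
                          "effectSettings": {"type": "PLACEHOLDER_Y"}},
                         {"type": "POLICY", "value": {"id": "policy-0002"}, "name": "Refunds"}]}
if __name__ == "__main__":
    print("\n".join(review_update(CURRENT, PROPOSED)))
```

Run against a policy export before and after a change, a check like this surfaces edits to the combining algorithm or a rule's effect settings, which alter how decisions are produced, before the change is submitted.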

Event types

The audit reporting events applicable to the authorize policies service are:

| Topic | Event |
|---|---|
| authorize-model | AUTHORIZE_POLICIES.CREATED |
| authorize-model | AUTHORIZE_POLICIES.UPDATED |
| authorize-model | AUTHORIZE_POLICIES.DELETED |

Response codes

| Code | Message |
|---|---|
| 200 | Successful operation. |
| 201 | Successfully created. |
| 204 | Successfully removed. No content. |
| 400 | The request could not be completed. |
| 401 | You do not have access to this resource. |
| 403 | You do not have permissions or are not licensed to make this request. |
| 404 | The requested resource was not found. |